Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create an website monitoring alert?

Germaine1989
Engager
‎10-10-2022 11:15 PM

Hello,

I have some websites I monitor.
I want to receive an alert when a website is not available more than 15 minutes.
Can you help me create a query for that?

Labels (2)
Labels
0 Karma
Reply

GaetanVP
Contributor
‎10-11-2022 12:34 AM

Hello @gcusello,

I agree with you, just for my curiosity, would you setup the alert like this ?

GaetanVP_0-1665473552547.png

Thanks for your posts that I always enjoy to read !

Regards,
GaetanVP  

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-11-2022 02:18 AM

Hi @GaetanVP,

yes, it's correct.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-11-2022 12:20 AM

Hi @Germaine1989,

I suppose that when your website is down you don't have any log from it, in this case you can create a simple alert

index=<your_index> host=<your_host>

to run every 10 minutes, the alert must fire if you don't have results.

If instead you continue to have logs from that host, you have to identify the logs that demonstarte that the log is up, and then insert this additional condition to the above search.

Ciao.

Giuseppe

Reply

Germaine1989
Engager
‎10-11-2022 12:49 AM
  • Thanks for you answer.

    I dont know what you mean with your_index
    I don't have any specific index for the Website Monitoring Add on.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-11-2022 02:16 AM

Hi @Germaine1989,

you surely archive the logs from the website in one or more indexes that I don't know: "<your_index>" means this or these index/es.

Ciao.

Giuseppe

 

0 Karma
Reply

Germaine1989
Engager
‎10-11-2022 02:50 AM

i have found something.

what can i set up as a condition?

Trigger Conditions

I want to trigger an alert when a website is failed more than 15 minutes.

Germaine1989_0-1665481813194.png

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-11-2022 02:55 AM

@Germaine1989,

as I said, you have to create a search that usually has results, and that the condition "results=0" is the firing condition.

then you can create the alert firing with the condition results=0.

in the search you have to define a time period of 15 minutes and schedule the alert every 15 minutes.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Attention App Developers: Test Your Apps with the Splunk 10.0 Beta and Ensure Compatibility Before the ...

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...
Top